-
- |
-
DNS Cache Attack Back from the Dead: Classic BIND Vulnerabilities Resurface
DNS Cache Attack Back from the Dead: Classic BIND Vulnerabilities Resurface
A classic cyber threat once thought to be dead is now at risk of resurgence. The Internet Systems Consortium (ISC), the organization behind the world's most popular Domain Name System (DNS) software, BIND, has released an urgent security advisory.
The advisory highlights two new vulnerabilities, CVE-2025-5612 and CVE-2025-5613, which could undermine the core defense that has protected internet infrastructure for more than a decade.
If exploited, these flaws could allow attackers to revive "DNS Cache Poisoning" attacks, a highly dangerous method for hijacking internet traffic.
What Is DNS Cache Poisoning?
DNS is the "phonebook" of the internet. When you type google.com in your browser, your system asks a DNS server to get the IP address (a unique number) for Google's server.
The DNS server stores this answer in a cache to speed up future requests.
"Cache Poisoning" occurs when a hacker successfully tricks the DNS server into storing an incorrect answer. The attacker tells the DNS server that the IP address for mybank.com is 1.2.3.4 (the IP address of the hacker's server).
As a result, any user connected to that poisoned DNS server will be automatically redirected to the hacker's phishing website when they try to visit mybank.com, completely without their knowledge.
An "Old" Attack Made "New" Again
DNS Cache Poisoning became major news in 2008 when legendary security researcher Dan Kaminsky demonstrated how easily it could be done.
In response, the internet industry collectively adopted a solution known as "source port randomization." This fix made the attack extremely difficult, as an attacker would have to guess not only the "Transaction ID" (TXID) of the DNS query but also the highly randomized source port number. Guessing both combinations at the same time was considered statistically almost impossible.
However, reports indicate that these new vulnerabilities, particularly CVE-2025-5613, find ways to undermine or reduce the randomness of the 2008 protection. This effectively makes the DNS spoofing attack viable once more.
Urgent Action: Patch Immediately
The ISC has released new, patched versions of BIND 9 to address these critical vulnerabilities. System administrators worldwide who manage DNS servers using BIND are urged to update immediately.
Failure to apply these patches could leave their servers vulnerable to hijacking, potentially endangering the millions of users who rely on those servers for secure internet access.
Referensi: https://arstechnica.com/security/2025/10/bind-warns-of-bugs-that-could-bring-dns-cache-attack-back-from-the-dead
Popular article
Need Any Technology Solution
Let’s Work Together on Project
